Credential/condition assertion verification optimization
Abstract
A method and apparatus ascertain which credential and which condition both from a network security policy best describe, respectively, information about initiator and target principals involved in an interaction, and tests performed on a state of an associated protocol event.
12 Claims
1. A method for performing credential and condition assertion verification corresponding to a policy file, comprising:
- during an initialization process, dynamically creating comparing functions for principals, said principals having credentials, said credentials from said policy file, and dynamically creating comparing functions for states of protocol events, said events having conditions, said conditions from said policy file;
- during said initialization process, dynamically creating and loading a module, said module containing said comparing functions;
- during runtime, ensuring an installed policy file corresponds to said module, and, if not, repeating said initialization process using said installed policy file, thereby dynamically generating an updated module containing updated comparing functions, said updated module and said updated comparing functions corresponding to said installed policy file; and
- calling said comparing functions as appropriate.
Dependent claims: 2
3. A method for performing credential and condition assertion verification corresponding to a policy file, said policy file comprising credentials, conditions, and a hash value, said method comprising:
- loading said policy file into an in-memory representation;
- requesting loading an assertion verification dynamically loadable library, herein referred to as DLL, said DLL comprising a predetermined hash return function, principal/credential comparing functions, and protocol/condition comparing functions;
- if said DLL exists;
  - loading said DLL into said memory; and
  - calling a predetermined function in said DLL for a return value, whereby said loading is complete if said returned value equals said hash value of said policy file;
- if said DLL does not exist or if said loading said DLL is not complete;
  - invoking a code generation function for generating an updated assertion verification DLL from an assertion code file, said generated DLL corresponding to said policy file;
  - compiling and linking said assertion code file, thereby generating said updated assertion verification DLL corresponding to said policy file;
  - loading said updated assertion verification DLL into said memory; and
- during runtime, calling said comparing functions in said DLL in memory as appropriate.
Dependent claims: 4, 5, 6, 7
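The load-or-regenerate flow of claim 3, sketched as an added example (not code from the patent): a generated Python module stands in for the compiled DLL. The policy layout, `get_policy_hash`, `load_verifier` and the `cred_`/`cond_` prefixes are assumptions made for illustration.

```python
import hashlib, json, os, tempfile, types

# Constructed sample policy (not from the patent); names and fields are assumptions.
POLICY = {"credentials": {"Finance_Hosts": ["10.1.2.3", "10.1.2.4"]},
          "conditions": {"Strong_TLS": {"min_version": 3}}}

def policy_hash(policy):
    """Stands in for the hash value carried by the policy file."""
    blob = json.dumps(policy, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def generate_source(policy):
    """Code generation: one comparing function per credential and condition."""
    out = [f"def get_policy_hash():\n    return {policy_hash(policy)!r}\n"]
    for name, addrs in policy["credentials"].items():
        if not name.isidentifier():  # policy text becomes code: reject odd names
            raise ValueError(f"bad credential name: {name!r}")
        out.append(f"def cred_{name}(principal):\n"
                   f"    return principal.get('ip') in {tuple(addrs)!r}\n")
    for name, cond in policy["conditions"].items():
        if not name.isidentifier():
            raise ValueError(f"bad condition name: {name!r}")
        out.append(f"def cond_{name}(event):\n"
                   f"    return event.get('tls_version', 0) >= {int(cond['min_version'])}\n")
    return "\n".join(out)

def _load(path):
    """Load the generated module from disk (the 'load DLL into memory' step)."""
    mod = types.ModuleType("assertion_module")
    with open(path) as f:
        exec(compile(f.read(), path, "exec"), mod.__dict__)
    return mod

def load_verifier(policy, path):
    """Return (module, regenerated): reuse the cached module only on a hash match."""
    want = policy_hash(policy)
    if os.path.exists(path):
        mod = _load(path)
        if getattr(mod, "get_policy_hash", lambda: None)() == want:
            return mod, False          # loading is complete
    with open(path, "w") as f:         # missing or stale: regenerate, then load
        f.write(generate_source(policy))
    return _load(path), True

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "assertion_module.py")
    mod, regenerated = load_verifier(POLICY, path)
    print(regenerated, mod.cred_Finance_Hosts({"ip": "10.1.2.3"}))
```

The hash is reported by the cached module itself, so the comparison detects a stale module, not a modified one; the cache location needs the same write protection as the policy file.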
8. An apparatus for performing credential and condition assertion verification corresponding to a policy file, said policy file comprising credentials, conditions, and a hash value, said apparatus comprising:
- means for loading said policy file into an in-memory representation;
- means for requesting loading an assertion verification dynamically loadable library, herein referred to as DLL, said DLL comprising a predetermined hash return function, principal/credential comparing functions, and protocol/condition comparing functions;
- if said DLL exists;
  - means for loading said DLL into said memory; and
  - means for calling a predetermined function in said DLL for a return value, whereby said loading is complete if said returned value equals said hash value of said policy file;
- if said DLL does not exist or if said loading said DLL is not complete;
  - means for invoking a code generation function for generating an updated assertion verification DLL from an assertion code file, said generated DLL corresponding to said policy file;
  - means for compiling and linking said assertion code file, thereby generating said updated assertion verification DLL corresponding to said policy file;
  - means for loading said updated assertion verification DLL into said memory; and
- during runtime, means for calling said comparing functions in said DLL in memory as appropriate.
Dependent claims: 9, 10, 11, 12